
E machine infected with smart hdd


  • This topic is locked
51 replies to this topic

#1 neolani

Posted 22 April 2012 - 07:26 AM

My laptop was recently infected with smart hdd. I tried several suggestions to remove it. Finally I was given a key by Microsoft to activate it, thus allowing me to download Malwarebytes to remove it. Well, that didn't work; now my computer is stuck in a startup loop. I cannot start in safe mode. My only choices are startup repair, which does not work, or start Windows normally, which also does not work! Please help!
Also, startup repair could not fix the problem and left me with these options: startup repair, system restore, system image recovery, Windows memory diagnostic, and command prompt. I am at a loss here.

Edited by hamluis, 22 April 2012 - 08:14 AM.
Moved from Win 7 to Am i Infected, placed on Unbootable List, Hamluis.




#2 hamluis

  • Moderator

Posted 22 April 2012 - 08:10 AM

Added to Unbootables list, moved to Am I Infected forum.

One of our malware personnel will assist you, please be patient.

Louis

#3 neolani


Posted 22 April 2012 - 09:26 AM

Thank you! I just don't know what to do next!

#4 Farbar

  • Security Developer

Posted 22 April 2012 - 09:30 AM

Hi neolani,

Welcome to Bleeping Computer.

I'll move the topic to the appropriate forum and assist you from there.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 neolani


Posted 22 April 2012 - 10:08 AM

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 22-04-2012 11:03:11
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [cdEaqoYrltbao.exe] C:\ProgramData\cdEaqoYrltbao.exe [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Lani\...\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe" [48648 2011-05-22] (Mobile Stream)
HKU\Lani\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
HKU\Lani\...\Run: [Facebook Update] "C:\Users\Lani\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-04-18] (Facebook Inc.)
HKU\Lani\...\Run: [QELArpLpPqGNrU] C:\ProgramData\QELArpLpPqGNrU.exe [221184 2012-04-21] ()
HKU\Lani\...\Policies\system: [LogonHoursAction] 2
HKU\Lani\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sean\...\Policies\system: [LogonHoursAction] 2
HKU\Sean\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Ati External Event Utility; C:\Windows\System32\Ati2evxx.exe [932864 2008-12-01] (ATI Technologies Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 Tether; C:\Program Files (x86)\Tether\TBService.exe [52664 2011-07-11] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)
0 EnumProcessesDriver; C:\Windows\System32\Drivers\EnumProcessesDriver.sys [20080 2012-04-19] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 pneteth; C:\Windows\System32\Drivers\pneteth.sys [15360 2011-07-19] (June Fabrics Technology Inc.)
1 qgwjmpdo; C:\Windows\System32\Drivers\qgwjmpdo.sys [48464 2012-04-21] (Microsoft Corporation)
3 smhwdev; C:\Windows\System32\Drivers\smhwdev.sys [114432 2010-01-12] (Huawei Technologies Co., Ltd.)
3 smhwser; C:\Windows\System32\Drivers\smhwser.sys [122624 2010-02-03] (QUALCOMM Incorporated)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: mcods

============ One Month Created Files and Folders ==============

2012-04-22 11:03 - 2009-07-13 21:08 - 0000000 ____D C:\FRST
2012-04-21 18:02 - 2012-04-20 20:49 - 0000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-04-21 17:45 - 2012-04-21 09:01 - 0000882 ___RA C:\Windows\System32\Drivers\etc\hosts.728C75B9163F45A6
2012-04-21 17:45 - 2009-07-13 15:19 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qgwjmpdo.sys
2012-04-21 17:40 - 2012-04-21 16:41 - 0123658 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_21.40.34_log.txt
2012-04-21 16:53 - 2012-04-21 14:26 - 0302592 ____A C:\Users\Lani\Downloads\rn3k97bl.exe
2012-04-21 16:39 - 2012-04-21 14:34 - 0123668 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_20.39.54_log.txt
2012-04-21 15:46 - 2011-12-28 15:34 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\Lani\Downloads\tdsskiller(1).exe
2012-04-21 15:25 - 2009-07-13 15:26 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-21 15:25 - - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-21 14:56 - 2009-07-13 17:39 - 0052980 ____A C:\Windows\ntbtlog.txt
2012-04-21 14:34 - 2012-04-21 17:43 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-21 14:32 - 2012-04-22 00:01 - 0124552 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_18.32.56_log.txt
2012-04-21 14:32 - 2012-04-21 15:46 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\Lani\Downloads\tdsskiller.exe
2012-04-21 14:28 - 2007-12-31 11:57 - 0003138 ____A C:\rkill.log
2012-04-21 14:26 - 2012-01-28 20:08 - 1008141 ____A C:\Users\Lani\Downloads\rkill.com
2012-04-21 14:07 - 2012-04-21 17:34 - 0000000 ____A C:\Users\All Users\-QELArpLpPqGNrUr
2012-04-21 14:07 - 2012-04-21 17:34 - 0000000 ____A C:\ProgramData\-QELArpLpPqGNrUr
2012-04-21 14:07 - 2012-04-09 11:09 - 0000160 ____A C:\Users\All Users\-QELArpLpPqGNrU
2012-04-21 14:07 - 2012-04-09 11:09 - 0000160 ____A C:\ProgramData\-QELArpLpPqGNrU
2012-04-21 14:06 - 2012-04-21 17:35 - 0221184 ____A C:\Users\All Users\QELArpLpPqGNrU.exe
2012-04-21 14:06 - 2012-04-21 17:35 - 0221184 ____A C:\ProgramData\QELArpLpPqGNrU.exe
2012-04-21 14:06 - 2012-04-20 21:21 - 0000647 ____A C:\Users\Lani\Desktop\SMART_HDD.lnk
2012-04-21 14:06 - 2012-04-05 06:29 - 0000352 ____A C:\Users\All Users\QELArpLpPqGNrU
2012-04-21 14:06 - 2012-04-05 06:29 - 0000352 ____A C:\ProgramData\QELArpLpPqGNrU
2012-04-21 13:57 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-21 13:40 - 2008-01-06 00:58 - 0274000 ____A C:\Windows\Minidump\042112-24429-01.dmp
2012-04-21 13:06 - 2012-04-21 07:46 - 0005548 ____A C:\Windows\System32\PerfStringBackup.TMP
2012-04-21 12:58 - 2012-04-21 13:40 - 0274000 ____A C:\Windows\Minidump\042112-27643-01.dmp
2012-04-21 10:38 - 2012-04-21 17:00 - 0000342 ____A C:\Windows\Tasks\At47.job
2012-04-21 10:38 - 2012-04-21 14:00 - 0000342 ____A C:\Windows\Tasks\At44.job
2012-04-21 10:38 - 2012-04-21 13:00 - 0000342 ____A C:\Windows\Tasks\At43.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At48.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At46.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At45.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At40.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At39.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At38.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At37.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At36.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At35.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At34.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At33.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At32.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At31.job
2012-04-21 10:38 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At30.job
2012-04-21 10:38 - 2012-04-21 12:00 - 0000342 ____A C:\Windows\Tasks\At42.job
2012-04-21 10:38 - 2012-04-21 11:00 - 0000342 ____A C:\Windows\Tasks\At41.job
2012-04-21 10:37 - 2012-04-22 04:06 - 0000000 ____D C:\Windows\system64
2012-04-21 10:37 - 2012-04-21 17:00 - 0000340 ____A C:\Windows\Tasks\At23.job
2012-04-21 10:37 - 2012-04-21 14:03 - 0000340 ____A C:\Windows\Tasks\At2.job
2012-04-21 10:37 - 2012-04-21 13:01 - 0000340 ____A C:\Windows\Tasks\At19.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At29.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At28.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At27.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At26.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000342 ____A C:\Windows\Tasks\At25.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At9.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At8.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At7.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At6.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At5.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At4.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At3.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At24.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At22.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At21.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At20.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At16.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At15.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At14.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At13.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At12.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At11.job
2012-04-21 10:37 - 2012-04-21 12:58 - 0000340 ____A C:\Windows\Tasks\At10.job
2012-04-21 10:37 - 2012-04-21 12:00 - 0000340 ____A C:\Windows\Tasks\At18.job
2012-04-21 10:37 - 2012-04-21 11:00 - 0000340 ____A C:\Windows\Tasks\At17.job
2012-04-21 10:37 - - 0000340 ____A C:\Windows\Tasks\At1.job
2012-04-21 06:26 - 2012-04-21 12:58 - 0274000 ____A C:\Windows\Minidump\042112-33431-01.dmp
2012-04-21 05:44 - - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-21 05:41 - 2007-12-31 22:38 - 0038224 ____A C:\ComboFix.txt
2012-04-21 05:30 - - 0000855 ___RA C:\Windows\System32\Drivers\etc\hosts
2012-04-21 04:56 - 2012-04-20 21:22 - 0098816 ____A C:\Windows\sed.exe
2012-04-21 04:56 - 2012-04-20 21:04 - 0256000 ____A C:\Windows\PEV.exe
2012-04-21 04:56 - 2012-04-20 20:59 - 0080412 ____A C:\Windows\grep.exe
2012-04-21 04:56 - 2012-03-15 23:22 - 0208896 ____A C:\Windows\MBR.exe
2012-04-21 04:56 - 2012-01-26 08:13 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-21 04:56 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-21 04:56 - 2009-06-10 12:36 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-21 04:56 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-21 04:55 - 2011-09-02 05:59 - 0000000 ____D C:\Windows\ERDNT
2012-04-21 04:43 - 2012-04-21 17:36 - 0000000 ____D C:\Qoobox
2012-04-21 04:28 - 2009-06-10 13:14 - 0200976 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-04-21 04:22 - 2007-12-31 11:57 - 0000036 ____A C:\Users\Lani\AppData\Local\housecall.guid.cache
2012-04-19 10:53 - 2012-04-17 13:56 - 0016216 ____A C:\Users\Sean\Downloads\eminem.jpg
2012-04-19 07:50 - - 0012250 ____A C:\Users\Lani\Desktop\armband.jpg
2012-04-19 07:45 - 2012-03-15 10:04 - 0006003 ____A C:\Users\Lani\Desktop\imagesCAEOMR0A.jpg
2012-04-19 03:34 - - 0000174 ___SH C:\Users\Lani\Start Menu\Programs\Startup\desktop.ini
2012-04-19 03:34 - - 0000174 ___SH C:\Users\Lani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-19 03:12 - 2012-04-19 03:12 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-04-19 03:12 - 2012-04-19 03:12 - 0000000 ____D C:\ProgramData\CPA_VA
2012-04-19 03:12 - 2012-02-12 15:16 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-19 03:12 - 2012-02-12 15:16 - 0000000 ____D C:\ProgramData\Comodo
2012-04-19 03:11 - 2009-07-13 21:37 - 0020080 ____A C:\Windows\System32\Drivers\EnumProcessesDriver.sys
2012-04-19 03:10 - - 0000000 ____D C:\Users\Public\Documents\COMODO
2012-04-19 03:09 - 2012-04-21 05:13 - 0000000 ____D C:\Program Files\COMODO
2012-04-19 03:09 - 2012-01-26 21:08 - 0748656 ____A (COMODO) C:\Users\Lani\Downloads\HealthCheckLauncher_Comodo.exe
2012-04-19 02:43 - 2009-07-13 17:48 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jhjlhpjh.sys
2012-04-18 12:06 - 2012-04-19 10:53 - 0493512 ____A (Facebook Inc.) C:\Users\Sean\Downloads\FacebookMessengerSetup.exe
2012-04-18 11:43 - - 0000000 ____D C:\Users\Sean\AppData\Roaming\Adobe
2012-04-18 08:26 - 2012-04-21 12:58 - 0000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4003444054-3878263867-3711562198-1000Core.job
2012-04-18 08:26 - 2012-04-21 08:31 - 0000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4003444054-3878263867-3711562198-1000UA.job
2012-04-18 03:13 - 2012-03-11 11:59 - 0000000 ____D C:\Users\Lani\Downloads\{www.scenetime.com}One.For.The.Money.2012.DVDRip.XviD-USi
2012-04-18 03:13 - - 0000000 ____D C:\Users\Lani\Downloads\21.Jump.Street.2012.TS2DVD.DD2.0.NL.Subs
2012-04-17 13:58 - 2012-04-17 13:56 - 0000000 ____D C:\Users\Sean\AppData\Local\Google
2012-04-17 13:56 - 2012-04-17 13:55 - 0109232 ____A C:\Users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 13:56 - - 0000174 ___SH C:\Users\Sean\Start Menu\Programs\Startup\desktop.ini
2012-04-17 13:56 - - 0000174 ___SH C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-17 13:55 - 2012-04-21 05:41 - 0000000 __SHD C:\Users\Sean\AppData\Local\Temporary Internet Files
2012-04-17 13:55 - 2012-04-21 05:41 - 0000000 ____D C:\Users\Sean\AppData\LocalLow
2012-04-17 13:55 - 2012-04-21 05:41 - 0000000 ____D C:\users\Sean
2012-04-17 13:55 - 2012-04-20 20:56 - 0000000 ____D C:\Users\Sean\AppData\Roaming\Media Center Programs
2012-04-17 13:55 - 2012-04-20 20:55 - 0000000 __SHD C:\Users\Sean\AppData\Local\History
2012-04-17 13:55 - 2012-04-20 20:55 - 0000000 ____D C:\Users\Sean\AppData\Local\Microsoft Help
2012-04-17 13:55 - 2012-04-20 17:32 - 0000020 __ASH C:\Users\Sean\ntuser.ini
2012-04-17 13:55 - 2012-04-17 13:56 - 0000000 __SHD C:\Users\Sean\PrintHood
2012-04-17 13:55 - 2012-04-17 13:56 - 0000000 __SHD C:\Users\Sean\My Documents
2012-04-17 13:55 - 2012-04-17 13:56 - 0000000 __SHD C:\Users\Sean\Documents\My Music
2012-04-17 13:55 - 2012-04-17 13:56 - 0000000 ____D C:\Users\Sean\AppData\Roaming\Macromedia
2012-04-17 13:55 - 2012-04-17 13:55 - 0001230 _RASH C:\Users\Sean\ntuser.pol
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Templates
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Start Menu
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\NetHood
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Documents\My Videos
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Documents\My Pictures
2012-04-16 19:03 - 2009-07-13 20:49 - 0001275 ____A C:\Users\Lani\Desktop\Z3TA+ 2.lnk
2012-04-16 19:01 - 2011-03-10 21:40 - 1060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-04-16 13:05 - 2012-01-26 21:24 - 0000000 ____D C:\Users\Lani\Downloads\Cakewalk Z3TA Plus 2 STANDALONE VSTi v2.0 x86 x64
2012-04-15 06:15 - 2012-04-20 20:55 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Malwarebytes
2012-04-15 06:14 - 2012-04-20 21:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 06:14 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-15 06:14 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-15 06:10 - 2012-01-27 11:01 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Lani\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-10 10:33 - 2009-07-13 16:08 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lqfnudxn.sys
2012-04-10 10:29 - 2007-12-31 11:57 - 0000632 _RASH C:\Users\Lani\ntuser.pol
2012-04-09 11:04 - 2012-04-09 11:09 - 0000160 ____A C:\Users\All Users\-FnYif0cvSWNHPfr
2012-04-09 11:04 - 2012-04-09 11:09 - 0000160 ____A C:\ProgramData\-FnYif0cvSWNHPfr
2012-04-09 11:04 - - 0000000 ____A C:\Users\All Users\-FnYif0cvSWNHPf
2012-04-09 11:04 - - 0000000 ____A C:\ProgramData\-FnYif0cvSWNHPf
2012-04-09 07:45 - 2012-04-19 07:45 - 0010550 ____A C:\Users\Lani\Desktop\imagesCAJMLY0P.jpg
2012-04-05 06:29 - 2012-04-20 21:20 - 0000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-04-05 06:29 - 2012-04-20 21:20 - 0000000 ____D C:\ProgramData\PC Optimizer Pro
2012-04-03 11:59 - 2012-04-20 21:20 - 0000000 ____D C:\Program Files (x86)\The Weather Channel FW
2012-04-03 11:59 - 2012-04-20 20:55 - 0000000 ____D C:\Users\Lani\AppData\Roaming\MusicOasis
2012-04-03 11:59 - 2010-03-18 09:16 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-03 11:59 - 2009-07-13 17:15 - 0499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-04-03 11:51 - 2012-04-15 06:12 - 1673408 ____A (W3i, LLC) C:\Users\Lani\Downloads\musicoasis.exe
2012-04-03 11:49 - 2012-04-20 21:20 - 0000000 ____D C:\Program Files (x86)\Mplayer
2012-04-03 11:48 - 2012-04-15 09:20 - 0000000 ____D C:\Users\All Users\WeCareReminder
2012-04-03 11:48 - 2012-04-15 09:20 - 0000000 ____D C:\ProgramData\WeCareReminder
2012-04-03 11:48 - 2012-03-11 10:17 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-04-01 15:39 - 2012-04-21 17:34 - 0000000 ____A C:\Users\All Users\3c4611b0b3f1bb020f93fd933828352e_c
2012-04-01 15:39 - 2012-04-21 17:34 - 0000000 ____A C:\ProgramData\3c4611b0b3f1bb020f93fd933828352e_c
2012-04-01 15:39 - 2012-04-20 21:20 - 0000000 ____D C:\Program Files (x86)\PricePeep
2012-04-01 15:39 - 2012-04-19 03:34 - 0000000 ____D C:\Program Files (x86)\WhiteSmoke_US
2012-04-01 15:38 - 2012-04-20 20:50 - 0000000 ____D C:\Program Files (x86)\WhiteSmokeTranslator
2012-04-01 15:38 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\UpdaterService
2012-04-01 15:38 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\UpdaterService
2012-03-29 22:11 - 2007-12-31 18:22 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf

============ 3 Months Modified Files and Folders =============

2012-04-22 11:03 - 2012-04-22 11:03 - 0000000 ____D C:\FRST
2012-04-22 08:04 - 2012-04-17 13:55 - 0000000 ____D C:\users\Sean
2012-04-22 08:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-22 08:04 - 2007-12-31 11:57 - 0000000 ____D C:\users\Lani
2012-04-22 04:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-22 04:06 - 2007-12-31 22:39 - 2213105664 __ASH C:\hiberfil.sys
2012-04-21 22:50 - 2012-04-21 18:02 - 0000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-04-21 17:46 - 2007-12-31 22:43 - 1642083 ____A C:\Windows\WindowsUpdate.log
2012-04-21 17:45 - 2012-04-21 17:45 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qgwjmpdo.sys
2012-04-21 17:45 - 2012-04-21 17:45 - 0000882 ___RA C:\Windows\System32\Drivers\etc\hosts.728C75B9163F45A6
2012-04-21 17:44 - 2009-07-13 20:45 - 0014256 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-21 17:44 - 2009-07-13 20:45 - 0014256 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-21 17:43 - 2012-04-21 17:40 - 0123658 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_21.40.34_log.txt
2012-04-21 17:43 - 2012-04-21 14:34 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-21 17:42 - 2011-09-16 13:11 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-21 17:40 - 2012-04-21 13:06 - 0005548 ____A C:\Windows\System32\PerfStringBackup.TMP
2012-04-21 17:39 - 2012-04-21 14:28 - 0003138 ____A C:\rkill.log
2012-04-21 17:35 - 2012-04-21 14:06 - 0000352 ____A C:\Users\All Users\QELArpLpPqGNrU
2012-04-21 17:35 - 2012-04-21 14:06 - 0000352 ____A C:\ProgramData\QELArpLpPqGNrU
2012-04-21 17:35 - 2012-04-21 13:57 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-21 17:34 - 2012-04-21 14:07 - 0000160 ____A C:\Users\All Users\-QELArpLpPqGNrU
2012-04-21 17:34 - 2012-04-21 14:07 - 0000160 ____A C:\ProgramData\-QELArpLpPqGNrU
2012-04-21 17:34 - 2012-04-21 14:07 - 0000000 ____A C:\Users\All Users\-QELArpLpPqGNrUr
2012-04-21 17:34 - 2012-04-21 14:07 - 0000000 ____A C:\ProgramData\-QELArpLpPqGNrUr
2012-04-21 17:34 - 2011-09-16 13:11 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-21 17:34 - 2009-07-13 21:08 - 0000006 ____A C:\Windows\Tasks\SA.DAT
2012-04-21 17:34 - 2009-07-13 20:51 - 0038853 ____A C:\Windows\setupact.log
2012-04-21 17:00 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At46.job
2012-04-21 17:00 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At22.job
2012-04-21 16:53 - 2012-04-21 16:53 - 0302592 ____A C:\Users\Lani\Downloads\rn3k97bl.exe
2012-04-21 16:41 - 2012-04-21 16:39 - 0123668 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_20.39.54_log.txt
2012-04-21 16:30 - 2008-01-03 17:56 - 0023398 ____A C:\Windows\PFRO.log
2012-04-21 15:46 - 2012-04-21 15:46 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\Lani\Downloads\tdsskiller(1).exe
2012-04-21 15:25 - 2012-04-21 15:25 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-21 15:25 - 2012-04-15 06:14 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-21 15:24 - 2012-04-21 14:56 - 0052980 ____A C:\Windows\ntbtlog.txt
2012-04-21 14:34 - 2012-04-21 14:32 - 0124552 ____A C:\TDSSKiller.2.7.31.0_21.04.2012_18.32.56_log.txt
2012-04-21 14:32 - 2012-04-21 14:32 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\Lani\Downloads\tdsskiller.exe
2012-04-21 14:31 - 2012-04-18 08:26 - 0000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4003444054-3878263867-3711562198-1000UA.job
2012-04-21 14:26 - 2012-04-21 14:26 - 1008141 ____A C:\Users\Lani\Downloads\rkill.com
2012-04-21 14:06 - 2012-04-21 14:06 - 0221184 ____A C:\Users\All Users\QELArpLpPqGNrU.exe
2012-04-21 14:06 - 2012-04-21 14:06 - 0221184 ____A C:\ProgramData\QELArpLpPqGNrU.exe
2012-04-21 14:06 - 2012-04-21 14:06 - 0000647 ____A C:\Users\Lani\Desktop\SMART_HDD.lnk
2012-04-21 14:03 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At19.job
2012-04-21 14:00 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At43.job
2012-04-21 13:40 - 2012-04-21 13:40 - 0274000 ____A C:\Windows\Minidump\042112-24429-01.dmp
2012-04-21 13:40 - 2008-01-03 17:57 - 0000000 ____D C:\Windows\Minidump
2012-04-21 13:40 - 2008-01-03 17:56 - 285955920 ____A C:\Windows\MEMORY.DMP
2012-04-21 13:01 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At18.job
2012-04-21 13:00 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At42.job
2012-04-21 12:58 - 2012-04-21 12:58 - 0274000 ____A C:\Windows\Minidump\042112-27643-01.dmp
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At48.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At47.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At45.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At44.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At39.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At38.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At37.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At36.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At35.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At34.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At33.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At32.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At31.job
2012-04-21 12:58 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At30.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000342 ____A C:\Windows\Tasks\At29.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000342 ____A C:\Windows\Tasks\At28.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000342 ____A C:\Windows\Tasks\At27.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000342 ____A C:\Windows\Tasks\At26.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000342 ____A C:\Windows\Tasks\At25.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At9.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At8.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At7.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At6.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At5.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At4.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At3.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At24.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At23.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At21.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At20.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At2.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At15.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At14.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At13.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At12.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At11.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At10.job
2012-04-21 12:58 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At1.job
2012-04-21 12:55 - 2012-01-26 17:51 - 0000000 ____D C:\Users\Lani\AppData\Roaming\uTorrent
2012-04-21 12:00 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At41.job
2012-04-21 12:00 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At17.job
2012-04-21 11:00 - 2012-04-21 10:38 - 0000342 ____A C:\Windows\Tasks\At40.job
2012-04-21 11:00 - 2012-04-21 10:37 - 0000340 ____A C:\Windows\Tasks\At16.job
2012-04-21 10:37 - 2012-04-21 10:37 - 0000000 ____D C:\Windows\system64
2012-04-21 09:01 - 2012-04-21 05:30 - 0000855 ___RA C:\Windows\System32\Drivers\etc\hosts
2012-04-21 08:31 - 2012-04-18 08:26 - 0000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4003444054-3878263867-3711562198-1000Core.job
2012-04-21 07:46 - 2009-07-13 21:13 - 0005548 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-21 06:26 - 2012-04-21 06:26 - 0274000 ____A C:\Windows\Minidump\042112-33431-01.dmp
2012-04-21 05:44 - 2012-04-21 05:44 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-21 05:41 - 2012-04-21 05:41 - 0038224 ____A C:\ComboFix.txt
2012-04-21 05:41 - 2012-04-21 04:43 - 0000000 ____D C:\Qoobox
2012-04-21 05:41 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-21 05:41 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-04-21 05:34 - 2012-04-21 04:55 - 0000000 ____D C:\Windows\ERDNT
2012-04-21 05:31 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-21 04:22 - 2012-04-21 04:22 - 0000036 ____A C:\Users\Lani\AppData\Local\housecall.guid.cache
2012-04-20 21:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-20 21:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-20 21:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-20 21:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-20 21:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ias
2012-04-20 21:22 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2012-04-20 21:22 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-20 21:22 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-20 21:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-20 21:21 - 2012-04-18 03:13 - 0000000 ____D C:\Users\Lani\Downloads\21.Jump.Street.2012.TS2DVD.DD2.0.NL.Subs
2012-04-20 21:21 - 2012-04-18 03:13 - 0000000 ____D C:\Users\Lani\Downloads\{www.scenetime.com}One.For.The.Money.2012.DVDRip.XviD-USi
2012-04-20 21:21 - 2012-03-14 07:08 - 0000000 ____D C:\Users\Lani\Desktop\pics
2012-04-20 21:21 - 2012-03-12 07:02 - 0000000 ____D C:\Users\Lani\Downloads\The.Skin.I.Live.In.2011.720p.Bluray.x264.anoXmous
2012-04-20 21:21 - 2012-03-12 06:59 - 0000000 ____D C:\Users\Lani\Downloads\[ UsaBit.com ] - Apart 2011 DVDRIP XVID-WBZ
2012-04-20 21:21 - 2012-03-12 06:51 - 0000000 ____D C:\Users\Lani\Downloads\Good Deeds 2012 SCR XViD-26k
2012-04-20 21:21 - 2012-03-11 11:03 - 0000000 ____D C:\Users\Lani\Downloads\Precious Based on the Novel Push by Sapphire 2009 BRRip H264 AAC-GreatMagician
2012-04-20 21:21 - 2012-02-23 10:52 - 0000000 ____D C:\Users\Lani\Downloads\Waking.Sleeping.Beauty.2009.DVDRip.XviD-VoMiT [NO-RAR] - [ www.torrentday.com ]
2012-04-20 21:21 - 2012-02-22 06:42 - 0000000 ____D C:\Users\Lani\Downloads\This.Means.War.2012.TS.XviD-SiC
2012-04-20 21:21 - 2012-02-18 08:15 - 0000000 ____D C:\Users\Lani\Downloads\The.Lake.House[2006]DvDrip[Eng]-aXXo
2012-04-20 21:21 - 2012-02-18 06:37 - 0000000 ____D C:\Users\Lani\Downloads\The.Vow.2012.CAM.XviD-INFERNO
2012-04-20 21:21 - 2012-02-13 03:18 - 0000000 ____D C:\Users\Lani\AppData\Roaming\DVD Flick
2012-04-20 21:21 - 2012-02-12 01:09 - 0000000 ____D C:\Users\Lani\Downloads\Chronicle 2012 TS XviD - MiSTERE
2012-04-20 21:21 - 2012-02-10 06:16 - 0000000 ____D C:\Users\Lani\Downloads\[ UsaBit.com ] - Contraband.2012.TS.AC3.H264-CRYS
2012-04-20 21:21 - 2012-02-10 06:06 - 0000000 ____D C:\Users\Lani\Downloads\[ UsaBit.com ] - Man On A Ledge 2012 CAM READNFO XViD - INSPiRAL
2012-04-20 21:21 - 2012-01-28 17:59 - 0000000 ____D C:\Users\Lani\Downloads\Next.2007.x264.DTS.2AUDIO-WAF
2012-04-20 21:21 - 2012-01-28 17:48 - 0000000 ____D C:\Users\Lani\Downloads\Dogma[1999]BRRip Xvid[AC3]-ExtraTorrentRG
2012-04-20 21:21 - 2012-01-27 10:04 - 0000000 ____D C:\Users\Lani\Downloads\Season Of The Witch 2011 1080p BDRip H264 AAC - IceBane (Kingdom Release)
2012-04-20 21:21 - 2012-01-27 09:35 - 0000000 ____D C:\Users\Lani\Downloads\Under.the.Tuscan.Sun.DVDRip.FS.English
2012-04-20 21:21 - 2012-01-26 19:36 - 0000000 ____D C:\Users\Lani\Downloads\Footloose 2011 CaM XviD-26K
2012-04-20 21:21 - 2012-01-26 19:25 - 0000000 ____D C:\Users\Lani\Downloads\[ UsaBit.com ] - Twilight Saga Breaking Dawn Part 1 2011 BRRip XviD AC3-SANTi
2012-04-20 21:21 - 2011-12-28 15:36 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Skype
2012-04-20 21:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-20 21:21 - 2008-01-01 20:50 - 0000000 ____D C:\Users\Lani\Desktop\King Music
2012-04-20 21:20 - 2012-04-03 11:59 - 0000000 ____D C:\Program Files (x86)\The Weather Channel FW
2012-04-20 21:20 - 2012-04-03 11:48 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-04-20 21:20 - 2012-04-01 15:39 - 0000000 ____D C:\Program Files (x86)\WhiteSmoke_US
2012-04-20 21:20 - 2012-04-01 15:39 - 0000000 ____D C:\Program Files (x86)\PricePeep
2012-04-20 21:20 - 2012-02-13 03:18 - 0000000 ____D C:\Program Files (x86)\DVD Flick
2012-04-20 21:20 - 2012-02-12 16:04 - 0000000 ____D C:\Program Files (x86)\Total Video2Dvd
2012-04-20 21:20 - 2012-01-27 10:26 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-04-20 21:20 - 2012-01-26 21:24 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2012-04-20 21:20 - 2012-01-26 18:00 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-04-20 21:20 - 2012-01-26 17:53 - 0000000 ____D C:\Program Files (x86)\uTorrentBar
2012-04-20 21:20 - 2012-01-26 17:52 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-04-20 21:20 - 2012-01-26 15:33 - 0000000 ____D C:\Program Files\DivX
2012-04-20 21:20 - 2012-01-26 15:30 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-20 21:20 - 2012-01-09 09:07 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-04-20 21:20 - 2012-01-09 09:07 - 0000000 ____D C:\ProgramData\Yahoo!
2012-04-20 21:20 - 2012-01-09 09:04 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-04-20 21:20 - 2011-12-28 15:35 - 0000000 ____D C:\Users\All Users\Skype
2012-04-20 21:20 - 2011-12-28 15:35 - 0000000 ____D C:\ProgramData\Skype
2012-04-20 21:20 - 2011-10-20 07:12 - 0000000 ____D C:\Users\All Users\DivX
2012-04-20 21:20 - 2011-10-20 07:12 - 0000000 ____D C:\ProgramData\DivX
2012-04-20 21:20 - 2011-10-09 02:00 - 0000000 ____D C:\Program Files (x86)\Mobile Stream
2012-04-20 21:20 - 2011-10-06 05:03 - 0000000 ____D C:\Program Files (x86)\PdaNet for Android
2012-04-20 21:20 - 2011-09-02 05:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-20 21:20 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-20 21:20 - 2008-01-07 05:26 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-20 21:20 - 2008-01-01 07:41 - 0000000 ____D C:\Program Files (x86)\Tether
2012-04-20 21:20 - 2008-01-01 06:04 - 0000000 ____D C:\Users\Lani\.3gpplayer
2012-04-20 21:20 - 2008-01-01 06:03 - 0000000 ____D C:\Users\Lani\AppData\Local\Conduit
2012-04-20 21:20 - 2007-12-31 14:35 - 0000000 ____D C:\Users\Lani\AppData\Local\Apps\2.0
2012-04-20 21:20 - 2007-12-31 12:29 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-20 21:20 - 2007-12-31 12:14 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-20 21:20 - 2007-12-31 12:13 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-04-20 21:20 - 2007-12-31 12:10 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-20 21:20 - 2007-12-31 12:10 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-20 21:19 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-20 21:16 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-20 21:16 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-20 21:16 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-20 21:16 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-20 21:16 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-20 21:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-20 21:16 - 2007-12-31 14:26 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-20 21:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-20 21:04 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-20 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-20 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-20 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-20 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-20 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-20 20:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-20 20:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-20 20:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-20 20:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-20 20:56 - 2012-04-17 13:55 - 0000000 ____D C:\Users\Sean\AppData\Roaming\Macromedia
2012-04-20 20:56 - 2012-04-17 13:55 - 0000000 ____D C:\Users\Sean\AppData\LocalLow
2012-04-20 20:56 - 2012-02-12 16:04 - 0000000 ____D C:\v2d
2012-04-20 20:55 - 2012-04-17 13:58 - 0000000 ____D C:\Users\Sean\AppData\Local\Google
2012-04-20 20:55 - 2012-04-15 06:15 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Malwarebytes
2012-04-20 20:55 - 2012-03-11 11:01 - 0000000 ____D C:\Users\Lani\Downloads\I Can Do Bad All By Myself[2009]DvDrip-LW
2012-04-20 20:55 - 2012-02-12 15:16 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Canneverbe Limited
2012-04-20 20:55 - 2012-02-12 00:58 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Yahoo!
2012-04-20 20:55 - 2012-01-27 10:24 - 0000000 ____D C:\Users\Lani\AppData\Roaming\AMozilla
2012-04-20 20:55 - 2008-01-07 05:26 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Mozilla
2012-04-20 20:55 - 2007-12-31 14:26 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Macromedia
2012-04-20 20:55 - 2007-12-31 14:26 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Adobe
2012-04-20 20:55 - 2007-12-31 11:57 - 0000000 ____D C:\Users\Lani\AppData\LocalLow
2012-04-20 20:54 - 2008-01-07 05:26 - 0000000 ____D C:\Users\Lani\AppData\Local\Mozilla
2012-04-20 20:51 - 2012-04-15 06:14 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-20 20:51 - 2012-04-15 06:14 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-20 20:51 - 2012-02-13 12:11 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-04-20 20:51 - 2012-02-13 12:11 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-04-20 20:51 - 2012-01-27 10:25 - 0000000 ____D C:\Users\Lani\AppData\Local\AMozilla
2012-04-20 20:51 - 2012-01-11 13:41 - 0000000 ____D C:\Users\Lani\AppData\Local\Facebook
2012-04-20 20:51 - 2012-01-11 13:05 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-20 20:51 - 2012-01-11 13:05 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-20 20:51 - 2011-09-16 13:12 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-20 20:51 - 2011-09-16 13:12 - 0000000 ____D C:\ProgramData\Adobe
2012-04-20 20:51 - 2009-07-13 23:47 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-20 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-20 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-20 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-20 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-20 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-20 20:51 - 2007-12-31 14:36 - 0000000 ____D C:\Users\Lani\AppData\Local\Google
2012-04-20 20:50 - 2012-02-22 06:59 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2012-04-20 20:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-20 20:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-20 20:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-20 20:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-20 20:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-20 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-20 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-20 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-20 20:50 - 2007-12-31 12:11 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-20 20:49 - 2012-01-26 08:12 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-20 20:49 - 2011-09-16 13:11 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-20 20:49 - 2007-12-31 12:10 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-20 20:48 - 2011-09-16 13:13 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-20 20:48 - 2007-12-31 12:09 - 0000000 ___RD C:\MSOCache
2012-04-20 18:00 - 2012-04-03 11:49 - 0000000 ____D C:\Program Files (x86)\Mplayer
2012-04-19 10:53 - 2012-04-19 10:53 - 0016216 ____A C:\Users\Sean\Downloads\eminem.jpg
2012-04-19 07:49 - 2012-04-19 07:50 - 0012250 ____A C:\Users\Lani\Desktop\armband.jpg
2012-04-19 07:45 - 2012-04-19 07:45 - 0006003 ____A C:\Users\Lani\Desktop\imagesCAEOMR0A.jpg
2012-04-19 03:34 - 2012-04-19 03:34 - 0000174 ___SH C:\Users\Lani\Start Menu\Programs\Startup\desktop.ini
2012-04-19 03:34 - 2012-04-19 03:34 - 0000174 ___SH C:\Users\Lani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-19 03:34 - 2012-04-01 15:38 - 0000000 ____D C:\Program Files (x86)\WhiteSmokeTranslator
2012-04-19 03:28 - 2012-04-19 03:12 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-04-19 03:28 - 2012-04-19 03:12 - 0000000 ____D C:\ProgramData\CPA_VA
2012-04-19 03:28 - 2012-04-19 03:09 - 0000000 ____D C:\Program Files\COMODO
2012-04-19 03:18 - 2012-04-19 03:10 - 0000000 ____D C:\Users\Public\Documents\COMODO
2012-04-19 03:12 - 2012-04-19 03:12 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-19 03:12 - 2012-04-19 03:12 - 0000000 ____D C:\ProgramData\Comodo
2012-04-19 03:10 - 2012-04-19 03:11 - 0020080 ____A C:\Windows\System32\Drivers\EnumProcessesDriver.sys
2012-04-19 03:09 - 2012-04-19 03:09 - 0748656 ____A (COMODO) C:\Users\Lani\Downloads\HealthCheckLauncher_Comodo.exe
2012-04-19 02:43 - 2012-04-19 02:43 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jhjlhpjh.sys
2012-04-18 12:06 - 2012-04-18 12:06 - 0493512 ____A (Facebook Inc.) C:\Users\Sean\Downloads\FacebookMessengerSetup.exe
2012-04-18 11:43 - 2012-04-18 11:43 - 0000000 ____D C:\Users\Sean\AppData\Roaming\Adobe
2012-04-17 13:56 - 2012-04-17 13:56 - 0109232 ____A C:\Users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 13:56 - 2012-04-17 13:56 - 0000174 ___SH C:\Users\Sean\Start Menu\Programs\Startup\desktop.ini
2012-04-17 13:56 - 2012-04-17 13:56 - 0000174 ___SH C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-17 13:55 - 2012-04-17 13:55 - 0001230 _RASH C:\Users\Sean\ntuser.pol
2012-04-17 13:55 - 2012-04-17 13:55 - 0000020 __ASH C:\Users\Sean\ntuser.ini
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Templates
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Start Menu
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\PrintHood
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\NetHood
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\My Documents
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Documents\My Videos
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Documents\My Pictures
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\Documents\My Music
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\AppData\Local\Temporary Internet Files
2012-04-17 13:55 - 2012-04-17 13:55 - 0000000 __SHD C:\Users\Sean\AppData\Local\History
2012-04-16 19:03 - 2012-04-16 19:03 - 0001275 ____A C:\Users\Lani\Desktop\Z3TA+ 2.lnk
2012-04-16 19:01 - 2012-04-16 19:01 - 1060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-04-16 13:05 - 2012-04-16 13:05 - 0000000 ____D C:\Users\Lani\Downloads\Cakewalk Z3TA Plus 2 STANDALONE VSTi v2.0 x86 x64
2012-04-15 09:20 - 2012-04-01 15:38 - 0000000 ____D C:\Users\All Users\UpdaterService
2012-04-15 09:20 - 2012-04-01 15:38 - 0000000 ____D C:\ProgramData\UpdaterService
2012-04-15 06:12 - 2012-04-15 06:10 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Lani\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-10 10:33 - 2012-04-10 10:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lqfnudxn.sys
2012-04-10 10:30 - 2012-04-10 10:29 - 0000632 _RASH C:\Users\Lani\ntuser.pol
2012-04-10 10:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\GroupPolicyUsers
2012-04-10 10:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\GroupPolicy
2012-04-09 17:53 - 2012-04-03 11:48 - 0000000 ____D C:\Users\All Users\WeCareReminder
2012-04-09 17:53 - 2012-04-03 11:48 - 0000000 ____D C:\ProgramData\WeCareReminder
2012-04-09 11:15 - 2011-09-11 11:13 - 0000000 ____D C:\Users\Lani\AppData\Local\ElevatedDiagnostics
2012-04-09 11:09 - 2012-04-09 11:04 - 0000160 ____A C:\Users\All Users\-FnYif0cvSWNHPfr
2012-04-09 11:09 - 2012-04-09 11:04 - 0000160 ____A C:\ProgramData\-FnYif0cvSWNHPfr
2012-04-09 11:09 - 2012-04-09 11:04 - 0000000 ____A C:\Users\All Users\-FnYif0cvSWNHPf
2012-04-09 11:09 - 2012-04-09 11:04 - 0000000 ____A C:\ProgramData\-FnYif0cvSWNHPf
2012-04-09 07:45 - 2012-04-09 07:45 - 0010550 ____A C:\Users\Lani\Desktop\imagesCAJMLY0P.jpg
2012-04-05 06:29 - 2012-04-05 06:29 - 0000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-04-05 06:29 - 2012-04-05 06:29 - 0000000 ____D C:\ProgramData\PC Optimizer Pro
2012-04-04 11:56 - 2012-04-21 15:25 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 11:59 - 2012-04-03 11:59 - 0000000 ____D C:\Users\Lani\AppData\Roaming\MusicOasis
2012-04-03 11:51 - 2012-04-03 11:51 - 1673408 ____A (W3i, LLC) C:\Users\Lani\Downloads\musicoasis.exe
2012-04-01 15:39 - 2012-04-01 15:39 - 0000000 ____A C:\Users\All Users\3c4611b0b3f1bb020f93fd933828352e_c
2012-04-01 15:39 - 2012-04-01 15:39 - 0000000 ____A C:\ProgramData\3c4611b0b3f1bb020f93fd933828352e_c
2012-03-29 22:11 - 2012-03-29 22:11 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-03-22 19:39 - 2012-02-12 15:36 - 0000000 ____D C:\Users\Lani\Documents\Aimersoft DVD Creator
2012-03-22 19:35 - 2012-02-13 09:45 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2012-03-22 19:34 - 2012-02-22 06:52 - 0000000 ____D C:\Program Files (x86)\Image-Line
2012-03-22 04:06 - 2009-07-13 21:08 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-20 23:20 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-03-18 07:12 - 2012-01-26 20:21 - 0014336 ____A C:\Users\Lani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-16 00:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-15 23:22 - 2012-03-15 23:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-15 23:22 - 2012-03-15 23:22 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-15 23:22 - 2012-03-15 23:22 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-15 23:22 - 2012-03-15 23:22 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-15 23:22 - 2012-03-15 23:22 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-15 23:22 - 2012-03-15 23:22 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-15 23:22 - 2012-03-15 23:22 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-15 23:22 - 2012-03-15 23:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-15 23:22 - 2012-03-15 23:21 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-15 23:22 - 2012-03-15 23:00 - 0003974 ____A C:\Windows\IE9_main.log
2012-03-15 23:21 - 2012-03-15 23:21 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-15 23:21 - 2012-03-15 23:21 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-15 23:21 - 2012-03-15 23:21 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-15 23:21 - 2012-03-15 23:21 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-15 23:21 - 2012-03-15 23:21 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-15 23:21 - 2012-03-15 23:21 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-15 23:21 - 2012-03-15 23:21 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-15 14:04 - 2012-03-15 12:45 - 0000000 ____D C:\Users\Lani\Downloads\Rosetta Stone V3 - French
2012-03-15 12:42 - 2012-03-15 12:42 - 0000000 ____D C:\Users\Lani\Downloads\Rosetta Stone V3 - Italian
2012-03-15 12:40 - 2012-03-15 12:38 - 0000000 ____D C:\Users\Lani\Downloads\Rosetta Stone - Spanish (Latin America) - Level 1, 2, 3, 4, 5
2012-03-15 10:04 - 2012-03-15 10:04 - 0028159 ____A C:\Users\Lani\Desktop\eat.jpg
2012-03-14 23:32 - 2009-07-13 20:45 - 0413344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 23:04 - 2011-09-02 05:24 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-11 11:59 - 2012-03-11 11:10 - 0000000 ____D C:\Users\Lani\Downloads\{www.scenetime.com}John Carter 2012 CAM XViD-MYSTiC
2012-03-11 10:17 - 2012-02-13 09:28 - 0000000 ____D C:\Program Files (x86)\Free MKV Video2Dvd
2012-03-05 18:06 - 2012-03-05 18:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2012-03-04 16:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\ModemLogs
2012-02-23 05:08 - 2012-02-23 05:07 - 0000000 ____D C:\Users\Lani\Downloads\Face Off - How to Draw Amazing Caricatures & Comic Portraits
2012-02-22 06:58 - 2012-02-22 06:58 - 0000000 ____D C:\Program Files (x86)\Outsim
2012-02-15 07:36 - 2012-02-13 09:30 - 0000028 ____A C:\Windows\v2d.INI
2012-02-14 22:27 - 2012-03-14 00:15 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-14 00:15 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-14 00:15 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-14 00:15 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-13 18:58 - 2012-02-13 17:56 - 796297774 ____A C:\Users\Lani\Downloads\9.avi
2012-02-13 18:25 - 2012-02-13 13:30 - 0000000 ____D C:\Users\Lani\Downloads\How To Make Anyone Fall In Love With You PDF E-Book LKRG
2012-02-13 13:20 - 2012-02-13 10:07 - 0000000 ____D C:\Users\Lani\AppData\Roaming\AVS4YOU
2012-02-13 12:10 - 2012-02-13 12:10 - 0000050 ____A C:\user.js
2012-02-13 10:14 - 2012-02-13 09:20 - 19788784 ____A (VSO-Software ) C:\Users\Lani\Downloads\vsoConvertXtoDVD4_setup-avangate_2863(1).exe
2012-02-13 10:07 - 2012-02-13 09:45 - 0000000 ____D C:\Users\All Users\AVS4YOU
2012-02-13 10:07 - 2012-02-13 09:45 - 0000000 ____D C:\ProgramData\AVS4YOU
2012-02-13 09:18 - 2012-02-13 09:16 - 19788784 ____A (VSO-Software ) C:\Users\Lani\Downloads\vsoConvertXtoDVD4_setup-avangate_2863.exe
2012-02-13 07:03 - 2012-02-13 03:19 - 0000000 ____D C:\Users\Lani\Documents\dvd
2012-02-13 03:18 - 2012-02-13 03:18 - 0001918 ____A C:\Users\Lani\Desktop\DVD Flick.lnk
2012-02-13 03:17 - 2012-02-13 03:16 - 12951423 ____A (Dennis Meuwissen ) C:\Users\Lani\Downloads\dvdflick_setup_1.3.0.7.exe
2012-02-13 03:09 - 2011-11-17 16:54 - 0000000 ____D C:\Program Files (x86)\Research In Motion
2012-02-12 19:49 - 2007-12-31 12:29 - 0109232 ____A C:\Users\Lani\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-12 16:04 - 2012-02-12 16:04 - 0001029 ____A C:\Users\Lani\Desktop\Total Video2Dvd.lnk
2012-02-12 15:16 - 2012-02-12 15:16 - 0000000 ____D C:\Users\All Users\Canneverbe Limited
2012-02-12 15:16 - 2012-02-12 15:16 - 0000000 ____D C:\ProgramData\Canneverbe Limited
2012-02-10 06:55 - 2012-02-10 06:50 - 0000000 ____D C:\Users\Lani\Downloads\XMen.First.Class.2011.DVDRip.XVid.Biz
2012-02-10 06:24 - 2012-02-10 06:24 - 0000000 ____D C:\Users\Lani\Downloads\Sherlock.Holmes.A.Game.Of.Shadows.TS.FiXED.Xvid {ph4nt0m}
2012-02-09 22:18 - 2012-03-14 10:01 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-14 10:01 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-14 10:01 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-14 10:01 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-14 10:01 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-14 10:01 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-14 10:01 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-14 10:01 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-14 10:01 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-14 10:01 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-05 19:45 - 2012-02-05 19:45 - 0944264 ____A (Skype Technologies S.A.) C:\Users\Lani\Downloads\SkypeSetup(1).exe
2012-02-02 20:16 - 2012-03-14 10:01 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 04:44 - 2011-09-02 04:48 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-29 13:34 - 2008-01-01 08:43 - 0000000 ____D C:\Windows\System32\appmgmt
2012-01-28 23:31 - 2012-01-28 17:56 - 1190653594 ____A C:\Users\Lani\Downloads\Underworld.4.Awakening.2012.CAM.READNFO.XViD-INSPiRAL.avi
2012-01-28 20:08 - 2012-01-28 17:49 - 1694285434 ____A C:\Users\Lani\Downloads\rent.avi
2012-01-28 18:02 - 2012-01-28 17:00 - 0043862 ____A C:\Users\Lani\Documents\1325741628265.jpg
2012-01-28 16:06 - 2012-01-27 09:49 - 1174780392 ____A C:\Users\Lani\Downloads\X-Men.L.Inizio.2011.DvdRip.AAC.Ita.Eng.Subs.Chaps.x264-Spike.mkv
2012-01-27 11:01 - 2012-01-27 09:55 - 0000000 ____D C:\Users\Lani\Downloads\Jumping.the.Broom[2011]BDRip.720p[Eng.Rus]-Junoon
2012-01-27 11:01 - 2012-01-27 09:30 - 0000000 ____D C:\Users\Lani\Downloads\Joyful.Noise.XviD.CaM.READNFO.Assassins.RG
2012-01-27 10:28 - 2012-01-27 10:28 - 0000000 ____D C:\Users\Lani\AppData\Roaming\Media Player Classic
2012-01-26 21:24 - 2012-01-26 21:23 - 2652884 ____A (Alexander Vigovsky ) C:\Users\Lani\Downloads\ac3filter_1_62b.exe
2012-01-26 21:08 - 2012-01-26 21:06 - 9060224 ____A (Gygan Inc ) C:\Users\Lani\Downloads\gyganinstall_0775.exe
2012-01-26 20:23 - 2012-01-26 15:37 - 0000000 ____D C:\Users\Lani\AppData\Roaming\DivX
2012-01-26 19:30 - 2012-01-26 18:24 - 0000000 ____D C:\Users\Lani\Downloads\{www.scenetime.com}In Time 2011 DVDRiP XviD AC3 - BHRG
2012-01-26 18:23 - 2012-01-26 18:19 - 0000000 ____D C:\Users\Lani\Downloads\In.Time.2011.720p.BluRay.X264-AMIABLE
2012-01-26 15:40 - 2012-01-26 15:40 - 0000000 ____D C:\Users\Lani\AppData\Local\DDMSettings
2012-01-26 08:13 - 2012-01-26 08:13 - 0000000 ____D C:\Windows\Sun
2012-01-26 08:13 - 2012-01-26 08:13 - 0000000 ____D C:\Users\All Users\Sun
2012-01-26 08:13 - 2012-01-26 08:13 - 0000000 ____D C:\ProgramData\Sun
2012-01-26 08:12 - 2012-01-26 08:13 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-01-26 08:12 - 2012-01-26 08:13 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-01-26 08:12 - 2012-01-26 08:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-01-26 08:12 - 2012-01-26 08:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-01-25 16:13 - 2012-01-28 17:00 - 0007174 ____A C:\Users\Lani\Documents\1327536823301.jpg
2012-01-24 22:27 - 2012-03-14 00:15 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-14 00:15 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-14 00:15 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 2814.11 MB
Available physical RAM: 2206.23 MB
Total Pagefile: 2812.26 MB
Available Pagefile: 2238.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:219.87 GB) (Free:96.79 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (PQSERVICE) (Fixed) (Total:13.01 GB) (Free:4.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive h: (Cruzer) (Removable) (Total:3.74 GB) (Free:0.04 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3835 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 31 KB
Partition 2 Primary 219 GB 13 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D PQSERVICE NTFS Partition 13 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 219 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Cruzer FAT32 Removable 3827 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-20 19:56

======================= End Of Log ==========================

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:03 AM

Posted 22 April 2012 - 11:08 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
HKLM-x32\...\Run: [cdEaqoYrltbao.exe] C:\ProgramData\cdEaqoYrltbao.exe [x]
HKU\Lani\...\Run: [QELArpLpPqGNrU] C:\ProgramData\QELArpLpPqGNrU.exe [221184 2012-04-21] ()
SubSystems: [Windows] ==> ZeroAccess
NETSVC: mcods
2012-04-21 16:53 - 2012-04-21 14:26 - 0302592 ____A C:\Users\Lani\Downloads\rn3k97bl.exe
2012-04-21 14:07 - 2012-04-21 17:34 - 0000000 ____A C:\Users\All Users\-QELArpLpPqGNrUr
2012-04-21 14:07 - 2012-04-21 17:34 - 0000000 ____A C:\ProgramData\-QELArpLpPqGNrUr
2012-04-21 14:07 - 2012-04-09 11:09 - 0000160 ____A C:\Users\All Users\-QELArpLpPqGNrU
2012-04-21 14:07 - 2012-04-09 11:09 - 0000160 ____A C:\ProgramData\-QELArpLpPqGNrU
2012-04-21 14:06 - 2012-04-21 17:35 - 0221184 ____A C:\Users\All Users\QELArpLpPqGNrU.exe
2012-04-21 14:06 - 2012-04-21 17:35 - 0221184 ____A C:\ProgramData\QELArpLpPqGNrU.exe
2012-04-21 14:06 - 2012-04-20 21:21 - 0000647 ____A C:\Users\Lani\Desktop\SMART_HDD.lnk
2012-04-21 14:06 - 2012-04-05 06:29 - 0000352 ____A C:\Users\All Users\QELArpLpPqGNrU
2012-04-21 14:06 - 2012-04-05 06:29 - 0000352 ____A C:\ProgramData\QELArpLpPqGNrU
2012-04-09 11:04 - 2012-04-09 11:09 - 0000160 ____A C:\Users\All Users\-FnYif0cvSWNHPfr
2012-04-09 11:04 - 2012-04-09 11:09 - 0000160 ____A C:\ProgramData\-FnYif0cvSWNHPfr
2012-04-09 11:04 - - 0000000 ____A C:\Users\All Users\-FnYif0cvSWNHPf
2012-04-09 11:04 - - 0000000 ____A C:\ProgramData\-FnYif0cvSWNHPf
cmd: del /a/f/q C:\Windows\Tasks\At*.job
cmd: Copy /y C:\Windows\System32\Drivers\qgwjmpdo.sys c:\
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.

#7 neolani

Posted 22 April 2012 - 11:25 AM

The computer booted as normal, I am on my homepage screen...here is the logfile...

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-22 12:19:50 R:1
Running from H:\

==============================================

HKLM-x32\\\.\.\.\\Run\\cdEaqoYrltbao.exe Value deleted successfully.
HKEY_USERS\Lani\Software\Microsoft\Windows\CurrentVersion\Run\\QELArpLpPqGNrU Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mcods Deleted successfully.
C:\Users\Lani\Downloads\rn3k97bl.exe moved successfully.
C:\Users\All Users\-QELArpLpPqGNrUr moved successfully.
C:\ProgramData\-QELArpLpPqGNrUr not found.
C:\Users\All Users\-QELArpLpPqGNrU moved successfully.
C:\ProgramData\-QELArpLpPqGNrU not found.
C:\Users\All Users\QELArpLpPqGNrU.exe moved successfully.
C:\ProgramData\QELArpLpPqGNrU.exe not found.
C:\Users\Lani\Desktop\SMART_HDD.lnk moved successfully.
C:\Users\All Users\QELArpLpPqGNrU moved successfully.
C:\ProgramData\QELArpLpPqGNrU not found.
C:\Users\All Users\-FnYif0cvSWNHPfr moved successfully.
C:\ProgramData\-FnYif0cvSWNHPfr not found.
C:\Users\All Users\-FnYif0cvSWNHPf moved successfully.
C:\ProgramData\-FnYif0cvSWNHPf not found.

========= del /a/f/q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========

I'm sorry, was I supposed to do something with the fixlist?

#8 Farbar

Posted 22 April 2012 - 11:31 AM

Great.

  • Click on this link--> virustotal

    Click the browse button. Copy and paste the line in bold in the open box, then click Send File.

    C:\qgwjmpdo.sys

    If the file has been analyzed before, click the Reanalyse File Now button.
    Please copy and paste the entire results of the scan in your next post. Also please give the link to the scan page.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download MiniRegTool64.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]
    • Check Export keys radio button.
    • Press Go button and post the result.


#9 neolani

Posted 22 April 2012 - 11:46 AM

SHA256: f8e26da55e210d61e0adb349734ca59624238b1cb520514ecd598b79ab459a9f
SHA1: a23c2141ae0bcc97120cf7a744bf7f6af86e66f0
MD5: a412d2fd7c0e1b50a7845fa083894223
File size: 47.3 KB ( 48464 bytes )
File name: qgwjmpdo.sys
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-04-22 16:44:50 UTC ( 0 minutes ago )

#10 neolani

Posted 22 April 2012 - 11:52 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lani :: LANI-PC [administrator]

Protection: Enabled

4/22/2012 12:49:12 PM
mbam-log-2012-04-22 (12-49-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra
Scan options disabled: Heuristics/Shuriken | PUP | PUM | P2P
Objects scanned: 222094
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 neolani

Posted 22 April 2012 - 11:55 AM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000006
"Serial_Access_Num"=dword:00000020
"Num_Catalog_Entries64"=dword:00000006

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:
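
A way to sanity-check an export like the one above, as an added example that is not part of the original post or of MiniRegTool: it parses the .reg text and lists review items (entry count versus `Num_Catalog_Entries`, a `LibraryPath` outside System32, disabled providers). `EXPECTED_LIBS` is taken from the libraries named in this export, and `sample_export` with its `C:\ProgramData\example.dll` path builds constructed test input; both are assumptions.

```python
import re

ROOT = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services"
        r"\WinSock2\Parameters\NameSpace_Catalog5")
# Libraries seen in the export posted above; used as the expected set for this
# machine (an assumption for the example, not a complete Windows list).
EXPECTED_LIBS = {"mswsock.dll", "winrnr.dll", "napinsp.dll", "pnrpnsp.dll"}
SYSTEM_DIR = r"%systemroot%\system32"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text):
    """Parse .reg export text into {key: {value_name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})  # repeated keys merge
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                current[name] = data[1:-1].replace("\\\\", "\\")  # unescape
            else:
                current[name] = data  # hex: blobs are kept as text
    return keys


def audit_namespace_catalog(text):
    """Return (key, finding) review items for a NameSpace_Catalog5 export."""
    keys = parse_reg(text)
    root = next((k for k in keys if k.lower() == ROOT.lower()), None)
    if root is None:
        return [("", "NameSpace_Catalog5 key not present in export")]
    findings = []
    for sub, counter in (("Catalog_Entries", "Num_Catalog_Entries"),
                         ("Catalog_Entries64", "Num_Catalog_Entries64")):
        prefix = (root + "\\" + sub + "\\").lower()
        entries = {k: v for k, v in keys.items() if k.lower().startswith(prefix)}
        declared = keys[root].get(counter)
        if declared != len(entries):
            findings.append(
                (root, f"{counter}={declared} but {len(entries)} entries exported"))
        for key, values in sorted(entries.items()):
            path = values.get("LibraryPath", "")
            folder, _, name = path.lower().rpartition("\\")
            if folder not in ("", SYSTEM_DIR):
                findings.append((key, f"LibraryPath outside System32: {path}"))
            elif name not in EXPECTED_LIBS:
                findings.append((key, f"unexpected provider library: {path}"))
            if values.get("Enabled") != 1:
                findings.append((key, "provider is disabled"))
    return findings


def sample_export(libs32, libs64, declared32=None):
    """Build constructed test input shaped like the export (not machine data)."""
    n32 = len(libs32) if declared32 is None else declared32
    out = ["Windows Registry Editor Version 5.00", "", f"[{ROOT}]",
           f'"Num_Catalog_Entries"=dword:{n32:08x}',
           f'"Num_Catalog_Entries64"=dword:{len(libs64):08x}', ""]
    for sub, libs in (("Catalog_Entries", libs32), ("Catalog_Entries64", libs64)):
        out += [f"[{ROOT}\\{sub}]", ""]
        for i, lib in enumerate(libs, 1):
            out += [f"[{ROOT}\\{sub}\\{i:012d}]", f'"LibraryPath"="{lib}"',
                    '"Enabled"=dword:00000001', ""]
    return "\n".join(out)


# Paths in .reg escaping (doubled backslashes), as they appear in the export.
GOOD = ["mswsock.dll", r"%SystemRoot%\\System32\\winrnr.dll",
        r"%SystemRoot%\\system32\\napinsp.dll"]
ODD = GOOD + [r"C:\\ProgramData\\example.dll"]  # constructed, hypothetical path

if __name__ == "__main__":
    for key, finding in audit_namespace_catalog(sample_export(GOOD, ODD)):
        print(f"{key}\n    {finding}")
```

The findings are review items for an analyst, not verdicts: third-party namespace providers can legitimately live outside System32.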

#12 neolani

Posted 22 April 2012 - 12:37 PM

I still have smart hdd...not being impatient, I just don't know what to do

#13 Farbar

Posted 22 April 2012 - 12:57 PM

  • Please download the attached file Fix.reg.
    Double-click Fix-Reg and confirm the prompt to allow it to merge.
  • Important: Restart the computer.
  • Download the attached file look.bat.
    Important: Right-click look.bat and select "Run as administrator".
  • Important: Restart the computer.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#14 neolani

Posted 22 April 2012 - 02:20 PM

Neither my laptop nor my sister's computer will let me copy and paste this log from combofix, what can I do?

#15 Farbar

Posted 22 April 2012 - 02:26 PM

Why not? In case the log is too big, remove all the entries under the Snapshot section and post the rest. Or you can do the following:

Click on this link: http://www.bleepingcomputer.com/submit-malware.php?channel=66
  • Click Browse... and navigate to: C:\comboFix.txt
  • Highlight the zipped file and click Open.
  • Click Send File.




